Addressing Challenges in Transport Layer Security Through Operating System and Administrator Control

Transport Layer Security (TLS) is the most widely used security protocol on the Internet today. Despite its many strengths, the use of TLS suffers from some vulnerabilities in practice due to the placement of trust in remote organizations, misuse of security libraries by application developers, and general inflexibility in the trust decision process. We propose mitigating these vulnerabilities by imposing a fundamental shift of power and responsibility from remote entities and application developers to operating system vendors and system administrators.

This shift of responsibility will be implemented in three phases. First, we propose the development and evaluation of TrustBase, an operating system service that provides uniform TLS trust decisions according to administrator configuration and provides flexibility to the TLS trust model by enabling rapid prototyping and deployment of alternatives. Second, we will extend administrator control and remove the burden of understanding security libraries currently placed on application developers by implementing a TLS socket protocol service with a standard POSIX-like socket API. Finally, we will introduce client authentication natively into the operating system for use in TLS mutual authentication, providing a trusted interface for system-wide deployment of usable certificate-based authentication.